← Back to CVE List

CVE-2024-52807

Published: 2025-01-24T19:15Z
Last Modified: 2025-01-24T19:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt